Yahoo has confirmed that hackers had stolen around 400,000 account credentials from its computer system.
The company said it is fixing the vulnerability that led to the theft, changing passwords of affected users and notifying the companies whose user accounts may have been compromised. But it did not reveal the exact number of the compromised accounts or identify those other companies affected.
Late Wednesday, a hacking group known as D33Ds Company posted 453,492 account credentials in plain text on a public website, claiming that it did so as a “wake-up call” rather than a threat to Yahoo.
“There have been many security holes exploited in web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly,” said the group at the end of the post.
D33Ds added that some sensitive information they had got was not posted to avoid further damage.
Security firm TrustedSec said the hacked service may be Yahoo Voices, a Yahoo division focusing on online publishing which was formerly called Associated Content.
“The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted,” said TrustedSec in its blog